Indictment handed down in $100M Rogue anti-Virus operation

May 29 2010, 00:20 by
by Steve Ragan -

Three men have been indicted for their role in a scam that offered Rogue anti-Virus, stretching as far back as 2003. The indictment, returned this week in Chicago, seeks the forfeiture of $100 million USD from a bank in the Ukraine, in addition to charges of computer fraud, wire fraud, and conspiracy to commit computer fraud.

The allegations that the three men charged, Bjorn Daniel Sundin, Shaileshkumar P. Jain (a.k.a. Sam Jain), and James Reno, earned $100 million USD during the course of the scam stems from a long running battle that includes not only the US Dept. of Justice, but the FTC as well.

Jain and Sundin operated a company called Innovative Marketing, which pushed some of the more infamous Rogue anti-Virus software programs. In 2008, Rogue anti-virus exploded online, netting some hefty payments for those operating the malicious campaigns.

Innovative Marketing has been tied to some of the earliest variants of the Rogue anti-Virus, namely Antivirus 2008, VirusRemover 2008, Antivirus 2008 XP, Malware Alarm, IE Antivirus, and AntiSpywareMaster.

James Reno, who operated ByteHosting, used the company’s call center to field questions and complaints from consumers related to technical issues and billing after they had purchased from Innovative Marketing. The call center employees were authorized to provide refunds to discourage the callers from notifying their credit card companies or law enforcement that they were deceived into purchasing the Rogue anti-Virus software, according to the indictment.

As mentioned, Innovative Marketing and ByteHosting have been in the news before over charges of fraud. In 2008, the FTC filed civil charges asking for a permanent injunction against both companies. The FTC’s complaint [seen here] said at the time that over one million people were tricked into purchasing Innovative Marketing’s Rogue anti-Virus offerings, noting that the business had been in operation since 2003.

In addition to the Rogue anti-Virus software mentioned by the indictment unsealed in Chicago, the FTC’s earlier complaint listed Antivirus XP, AdvancedCleaner, SystemDoctor, WinAntispyware, WinFixer, and five other applications among those sold by the public.

The indictment alleges that in order to push sales of the Rogue anti-Virus software, Innovative Marketing used various advertising tricks. The company is linked by the indictment to seven different advertising agencies that contacted an ad network so that space could be purchased for ads to be shown on sites including Major League Baseball, the National Hockey League, E-Harmony, and The Economist.

This part of the scam, the indictment notes, defrauded the ad network $85,000 USD in unpaid fees. The ads themselves, as mentioned in the FTC’s complaint and the recent one out of Chicago, would redirect users to sites hosting the Rogue anti-Virus.

In addition to the various agencies purchasing the ads, Innovative Marketing is also said to have used multiple processing services to accept payment from those who purchased the software. As complaints and chargebacks mounted, the payment processor would be dropped and a new one used in its place.

The advertising and fake infection warning were so effective, that the scheme earned those involved millions. In addition to the malicious marketing, often the software would have upsale items pre-marked, boosting the cost of the Rogue anti-Virus in some cases to well over $70.00 USD.

As part of the $100 million that the indictment says must be forfeited, there are two separate instances in the court documents that show just how much money Innovative Marketing was moving. In total, based on 42 wire transfers from accounts owned by Innovative Marketing in Sweden to accounts in Latvia, $7,400,000 USD and €7,800,000 EUR was shifted around.

Sundin and Jain were each charged with 24 counts of wire fraud, and Reno with 12 counts of wire fraud, and all three were charged with one count each of conspiracy to commit computer fraud and computer fraud. Each count of wire fraud carries a maximum penalty of 20 years in prison and a $250,000 fine. Restitution is mandatory. If convicted, the Court would determine the sentence.

An indictment only brings charges, and while there is a solid case from the looks of things, all three must be presumed innocent. Reno for his part, said in a letter to Robert McMillan of IDG News in 2009 that he was techie geek kid “who really didn’t understand the operations of a global company.” He said in the letter that Innovative Marketing took advantage of him.

“I made some mistakes of course (we all are human and all make errors) - that mistake was letting Innovative become such a large customer that we became dependant upon them - however they kept us in the dark on ALOT of their operation and we did not deal with a significant portion of what the FTC claims... Had I known to the extent the FTC claims they definitely would not been a customer and I would have laid people off to terminate their contract,” Reno said in his email.

[McMillan posted the entire letter, written during the FTC’s action against Reno, to CSO. You can see it here.]

Jain is believed to be living in the Ukraine, Sundin is said to be residing in Sweden. Reno is expected to present himself for arraignment in the future at the U.S. District Court in Chicago.

Like this article? Please share on Facebook and give The Tech Herald a Like too!